Issue No.01 - Jan.-Feb. (2013 vol.11)
pp: 90-93
Alexander Kott, US Army Research Laboratory
Curtis Arnold, US Army Research Laboratory
ABSTRACT
Continuous monitoring and risk scoring (CMRS) is a comprehensive process of maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Two of the most salient aspects of CMRS are continuous data collection through automated feeds and analysis of that data to assess and score risks. CMRS attracts growing interest due to its potential to be far more agile, responsive, and perhaps less expensive than such alternatives as periodic reporting and certification. While the potential benefits could be great, so are the challenges of implementing a successful CMRS system.
INDEX TERMS
Risk assessment, Network security, Computer security, Software performance, Monitoring, CMRS, cybersecurity, continuous monitoring, risk scoring, vulnerability assessment, network defense
CITATION
Alexander Kott, Curtis Arnold, "The Promises and Challenges of Continuous Monitoring and Risk Scoring", IEEE Security & Privacy, vol. 11, no. 1, pp. 90-93, Jan.-Feb. 2013, doi:10.1109/MSP.2013.19